Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

CVE-2020-15988 | MEDIUM | CVSS 6.3 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid:

CVE-2020-16027 | MEDIUM | CVSS 6.5 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from the user's disk via a crafted Chrome Extension.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.

CVE-2020-6502 | MEDIUM | CVSS 6.5 | fixed in chromium 80.0.3987.106-1 (bookworm) | 2020
Incorrect implementation in permissions in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 80.0.3987.106-1)
bullseye: resolved (fixed in 80.0.3987.106-1)
forky: resolved (fixed in 80.0.3987.106-1)
sid: resolved (fixed in 80.0.3987.106-1)
trixie: resolved (fixed in

CVE-2020-6460 | MEDIUM | CVSS 6.5 | fixed in chromium 83.0.4103.83-1 (bookworm) | 2020
Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name.
Scope: local
bookworm: resolved (fixed in 83.0.4103.83-1)
bullseye: resolved (fixed in 83.0.4103.83-1)
forky: resolved (fixed in 83.0.4103.83-1)
sid: resolved (fixed in 83.0.4103.83-1)
trixie: resolve

CVE-2020-6491 | MEDIUM | CVSS 6.5 | fixed in chromium 83.0.4103.83-1 (bookworm) | 2020
Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name.
Scope: local
bookworm: resolved (fixed in 83.0.4103.83-1)
bullseye: resolved (fixed in 83.0.4103.83-1)
forky: resolved (fixed in 83.0.4103.83-1)
sid: resolved (fixed in 83.0.4103.83-1)
trixie: resolved (fi

CVE-2020-6566 | MEDIUM | CVSS 6.5 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fixed in 87.0.4280.88-0.1)
trixie: resolved

CVE-2020-16030 | MEDIUM | CVSS 6.1 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fixed in 87.0.4280.88-0.1)
t

CVE-2020-6538 | MEDIUM | CVSS 6.5 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Inappropriate implementation in WebView in Google Chrome on Android prior to 84.0.4147.105 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fixed in 87.0.4280.88-0.1)
trixie

CVE-2020-6435 | MEDIUM | CVSS 4.3 | fixed in chromium 81.0.4044.92-1 (bookworm) | 2020
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 81.0.4044.92-1)
bullseye: resolved (fixed in 81.0.4044.92-1)
forky: resolved (fixed in 81.0.4044.92-1)
sid: resolv

CVE-2020-6497 | MEDIUM | CVSS 6.5 | fixed in chromium 83.0.4103.106-1 (bookworm) | 2020
Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted URI.
Scope: local
bookworm: resolved (fixed in 83.0.4103.106-1)
bullseye: resolved (fixed in 83.0.4103.106-1)
forky: resolved (fixed in 83.0.4103.106-1)
sid: resolved (fixed in 83.0.4103.106-1)
trixie: resolved

CVE-2020-6536 | MEDIUM | CVSS 4.3 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolv

CVE-2020-6392 | MEDIUM | CVSS 4.3 | fixed in chromium 80.0.3987.106-1 (bookworm) | 2020
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
Scope: local
bookworm: resolved (fixed in 80.0.3987.106-1)
bullseye: resolved (fixed in 80.0.3987.106-1)
forky: resolved (fixed in 80.0.3987.1

CVE-2020-15973 | MEDIUM | CVSS 6.5 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88

CVE-2020-15985 | MEDIUM | CVSS 6.5 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fixed in 87.0.4280.88-0.1)
trixie: resolved (fixed

CVE-2020-6494 | MEDIUM | CVSS 6.5 | fixed in chromium 83.0.4103.106-1 (bookworm) | 2020
Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 83.0.4103.106-1)
bullseye: resolved (fixed in 83.0.4103.106-1)
forky: resolved (fixed in 83.0.4103.106-1)
sid: resolved (fixed in 83.0.4103.106

CVE-2020-15989 | MEDIUM | CVSS 5.5 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fixed in 87.0.428

CVE-2020-6408 | MEDIUM | CVSS 6.5 | fixed in chromium 80.0.3987.106-1 (bookworm) | 2020
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 80.0.3987.106-1)
bullseye: resolved (fixed in 80.0.3987.106-1)
forky: resolved (fixed in 80.0.3987.106-1)
sid: resolved (fixed in 80.0.3987.106-1)
trixi

CVE-2020-6521 | MEDIUM | CVSS 6.5 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fi

CVE-2020-6481 | MEDIUM | CVSS 6.5 | fixed in chromium 83.0.4103.83-1 (bookworm) | 2020
Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform domain spoofing via a crafted domain name.
Scope: local
bookworm: resolved (fixed in 83.0.4103.83-1)
bullseye: resolved (fixed in 83.0.4103.83-1)
forky: resolved (fixed in 83.0.4103.83-1)
sid: resolved (fixed in 83.0.4103.83-1)
trixie: resol

CVE-2020-6411 | MEDIUM | CVSS 5.4 | fixed in chromium 80.0.3987.106-1 (bookworm) | 2020
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Scope: local
bookworm: resolved (fixed in 80.0.3987.106-1)
bullseye: resolved (fixed in 80.0.3987.106-1)
forky: resolved (fixed in 80.0.3987.106-1)
sid: resolved (fixed in 80.